Issue #11854 has been updated by Nan Liu.
Status changed from Unreviewed to Needs More Information
Can not reproduce this problem.
[root@master ~]# puppet cert -la
demo.puppetlabs.lan
(DF:23:9C:81:3F:DB:72:E3:BA:32:64:11:E0:AF:B2:C3)
f5.puppetlabs.lan
(2A:0C:A0:F8:C6:EE:EF:9B:B3:49:74:D1:27:31:1B:60)
+ agent01.puppetlabs.lan
(68:E3:F7:67:E7:8C:4B:07:7F:78:B0:53:71:18:58:14)
+ agent02.puppetlabs.lan
(D2:10:42:37:4F:2B:FB:AF:37:9C:1A:56:03:23:0C:B8)
+ master.puppetlabs.lan
(47:2B:A3:60:E5:EF:8B:B9:16:11:9D:EE:36:F2:0A:E2) (alt names: DNS:master,
DNS:master.puppetlabs.lan, DNS:puppet, DNS:puppet.puppetlabs.lan)
+ pe-internal-broker
(94:A9:7B:BB:FD:3C:A6:E1:8C:7F:A6:BF:D0:BC:74:D1) (alt names:
DNS:master.puppetlabs.lan, DNS:pe-internal-broker, DNS:stomp)
+ pe-internal-dashboard
(BE:72:ED:A0:F8:63:14:05:68:AA:F1:D3:E7:D2:4A:52)
+ pe-internal-mcollective-servers
(AE:BD:E3:DE:71:AB:A8:C8:98:9F:45:E8:3A:CD:CE:3F)
+ pe-internal-peadmin-mcollective-client
(67:DA:39:E4:ED:89:83:CE:BE:FF:51:06:A1:75:E3:95)
+ pe-internal-puppet-console-mcollective-client
(12:B7:4E:0C:9E:81:35:8F:56:CC:1B:28:9A:67:80:D1)
+ sun11.localdomain
(3D:44:F3:AC:1C:6C:FE:8A:B2:2B:06:9D:42:01:E0:D0)
[root@master ~]# puppet cert -s demo.puppetlabs.lan
notice: Signed certificate request for demo.puppetlabs.lan
notice: Removing file Puppet::SSL::CertificateRequest demo.puppetlabs.lan
at '/etc/puppetlabs/puppet/ssl/ca/requests/demo.puppetlabs.lan.pem'
[root@master ~]# puppet cert -c demo.puppetlabs.lan
notice: Revoked certificate with serial 12
notice: Removing file Puppet::SSL::Certificate demo.puppetlabs.lan at
'/etc/puppetlabs/puppet/ssl/ca/signed/demo.puppetlabs.lan.pem'
notice: Removing file Puppet::SSL::Certificate demo.puppetlabs.lan at
'/etc/puppetlabs/puppet/ssl/certs/demo.puppetlabs.lan.pem'
notice: Removing file Puppet::SSL::CertificateRequest demo.puppetlabs.lan
at '/etc/puppetlabs/puppet/ssl/certificate_requests/demo.puppetlabs.lan.pem'
notice: Removing file Puppet::SSL::Key demo.puppetlabs.lan at
'/etc/puppetlabs/puppet/ssl/private_keys/demo.puppetlabs.lan.pem'
[root@master ~]# puppet agent -t --certname=demo.puppetlabs.lan
info: Creating a new SSL key for demo.puppetlabs.lan
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for demo.puppetlabs.lan
info: Certificate Request fingerprint (md5):
89:9D:77:6C:05:34:95:EA:B6:81:EC:F5:52:26:36:80
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
[root@master ~]# puppet cert -s demo.puppetlabs.lan
notice: Signed certificate request for demo.puppetlabs.lan
notice: Removing file Puppet::SSL::CertificateRequest demo.puppetlabs.lan
at '/etc/puppetlabs/puppet/ssl/ca/requests/demo.puppetlabs.lan.pem'
[root@master ~]# puppet cert -la
f5.puppetlabs.lan
(2A:0C:A0:F8:C6:EE:EF:9B:B3:49:74:D1:27:31:1B:60)
+ agent01.puppetlabs.lan
(68:E3:F7:67:E7:8C:4B:07:7F:78:B0:53:71:18:58:14)
+ agent02.puppetlabs.lan
(D2:10:42:37:4F:2B:FB:AF:37:9C:1A:56:03:23:0C:B8)
+ demo.puppetlabs.lan
(A9:3E:3E:D8:3F:2D:75:0A:27:3E:8F:E0:93:8F:F3:BD)
+ master.puppetlabs.lan
(47:2B:A3:60:E5:EF:8B:B9:16:11:9D:EE:36:F2:0A:E2) (alt names: DNS:master,
DNS:master.puppetlabs.lan, DNS:puppet, DNS:puppet.puppetlabs.lan)
+ pe-internal-broker
(94:A9:7B:BB:FD:3C:A6:E1:8C:7F:A6:BF:D0:BC:74:D1) (alt names:
DNS:master.puppetlabs.lan, DNS:pe-internal-broker, DNS:stomp)
+ pe-internal-dashboard
(BE:72:ED:A0:F8:63:14:05:68:AA:F1:D3:E7:D2:4A:52)
+ pe-internal-mcollective-servers
(AE:BD:E3:DE:71:AB:A8:C8:98:9F:45:E8:3A:CD:CE:3F)
+ pe-internal-peadmin-mcollective-client
(67:DA:39:E4:ED:89:83:CE:BE:FF:51:06:A1:75:E3:95)
+ pe-internal-puppet-console-mcollective-client
(12:B7:4E:0C:9E:81:35:8F:56:CC:1B:28:9A:67:80:D1)
+ sun11.localdomain
(3D:44:F3:AC:1C:6C:FE:8A:B2:2B:06:9D:42:01:E0:D0)
Please provide detailed output and step by step process.
----------------------------------------
Refactor #11854: "Puppet cert list --all" output is confusing when a
certificate has been cleaned and a new certificate has been signed
https://projects.puppetlabs.com/issues/11854
Author: Gonzalo Servat
Status: Needs More Information
Priority: Normal
Assignee:
Category: SSL
Target version:
Affected Puppet version:
Keywords:
Branch:
When signing a certificate for a host, and subsequently cleaning it, if you
then sign a new certificate for the same host, the output of "puppet cert list
--all" will be:
- [host] ([fingerprint]) (certificate revoked)
So, according to this listing, the host appears to have its certificate revoked
when, in fact, it's the OLD certificate that was revoked.
It would be good to rework the output so that it shows something similar to:
- [host] ([fingerprint]) (certificate revoked)
- [host] ([fingerprint]) (certificate revoked)
...
- [host] ([fingerprint]) (certificate revoked)
+ [host] ([fingerprint])
That way you can see all revoked certificates and the current signed
certificate for the host. I can see that the listing could potentially get very
long, so perhaps maybe just show the last revoked certificate? Your thoughts?
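
The listing proposed above, as an added example (not Puppet's code and not part of the original report). The inventory structure, serial 13 and the short fingerprints are constructed assumptions; only the hostnames and "serial 12" come from the session above. The name-keyed variant is shown for contrast only and is not a claim about how Puppet computes its output.

```ruby
# One record per certificate the CA has ever issued (constructed sample data).
Issued = Struct.new(:serial, :certname, :fingerprint)

INVENTORY = [
  Issued.new(11, 'agent01.puppetlabs.lan', 'AA:01'),
  Issued.new(12, 'demo.puppetlabs.lan',    'BB:02'), # cleaned: "Revoked certificate with serial 12"
  Issued.new(13, 'demo.puppetlabs.lan',    'CC:03')  # re-signed afterwards (assumed serial)
].freeze

# Revocation is recorded per serial number, not per hostname.
REVOKED_SERIALS = [12].freeze

# Contrast case (assumed): status keyed on certname. Any revoked serial for
# a name marks the host revoked, even though its current certificate is valid.
def list_by_name(inventory, revoked_serials)
  revoked_names = inventory.select { |c| revoked_serials.include?(c.serial) }
                           .map(&:certname)
  inventory.group_by(&:certname).map do |name, certs|
    current = certs.max_by(&:serial)
    if revoked_names.include?(name)
      "- #{name} (#{current.fingerprint}) (certificate revoked)"
    else
      "+ #{name} (#{current.fingerprint})"
    end
  end
end

# Proposed listing: status keyed on serial. Revoked certificates are listed
# first, then the currently valid one. max_revoked: 1 gives the shorter
# "just show the last revoked certificate" form.
def list_by_serial(inventory, revoked_serials, max_revoked: nil)
  inventory.group_by(&:certname).sort.flat_map do |name, certs|
    revoked, valid = certs.sort_by(&:serial)
                          .partition { |c| revoked_serials.include?(c.serial) }
    revoked = revoked.last(max_revoked) if max_revoked
    revoked.map { |c| "- #{name} (#{c.fingerprint}) (certificate revoked)" } +
      valid.map { |c| "+ #{name} (#{c.fingerprint})" }
  end
end

puts list_by_serial(INVENTORY, REVOKED_SERIALS)
```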